
Re: setting up openldap for day-to-day admin



At 06:39 PM 5/6/2004, Maxwell Bottiger wrote:
>        I'm having a bit of trouble wrapping my brain around the steps
>needed to make a pretty simple setup of OpenLDAP work for me.  I was
>able to use ldapadd to put a bunch of users into my database, then set
>up nsswitch.conf to allow ldap to emulate NIS. I can't tell you how
>happy I am to be rid of NIS, OpenLDAP has been awesome to me.

I note that you should direct a major portion of your acclaim to
the fine folks at PADL who develop and maintain the key LDAP
applications which make that possible, such as pam_ldap and nss_ldap.
Of course, you could have chosen any other LDAP server to work with
these applications; I'm pleased you are happy with OpenLDAP.
                                                                          
>So, I think that I need to do 2 things.  First, I
>need ldap to recognize users for who they are, not anonymous.

How to configure the pam_ldap and nss_ldap applications to
authenticate is a question you should take to the appropriate
PADL mailing list, <pamldap@padl.com> or <nssldap@padl.com>,
respectively.

>Second
>I'd like to set myself up as the ldap admin, so that I can easily edit
>things like users and passwords and phone numbers (instead of always
>having to specify "cn=ldapadmin,dc=modsim,dc=lab")  Where do I start?

For OpenLDAP clients, you can set BINDDN.  See OpenLDAP's ldap.conf(5)
for details.  For other clients, see their documentation.

Kurt
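
An added example, not part of the message above: one way to set BINDDN for the OpenLDAP command-line clients, using the admin DN from the question. ldap.conf(5) marks BINDDN as a user-only option, so it goes in the per-user ~/.ldaprc rather than the system-wide ldap.conf; the helper names write_ldaprc and binddn_of are made up for this sketch.

```shell
#!/bin/sh
# write_ldaprc DIR DN: write DIR/.ldaprc with a default bind DN.
# Overwrites an existing file. No password is stored; clients prompt with -W.
write_ldaprc() {
    dir=$1
    dn=$2
    # Reject multi-line input so no second directive (e.g. URI) can be smuggled in.
    case $dn in
        *'
'*) echo "bind DN must be a single line" >&2; return 1 ;;
    esac
    # Create the file readable and writable by its owner only: whoever can
    # edit it controls which identity your LDAP tools bind as.
    ( umask 077 && printf 'BINDDN %s\n' "$dn" > "$dir/.ldaprc" ) || return 1
    chmod 600 "$dir/.ldaprc"
}

# binddn_of FILE: print the BINDDN value set in FILE, if any.
# Option names in ldap.conf(5) files are case-insensitive.
binddn_of() {
    awk 'toupper($1) == "BINDDN" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Demo in a scratch directory (constructed); pass "$HOME" for real use.
demo=$(mktemp -d)
write_ldaprc "$demo" "cn=ldapadmin,dc=modsim,dc=lab"
echo "default bind DN: $(binddn_of "$demo/.ldaprc")"
rm -rf "$demo"

# With ~/.ldaprc in place, -D can be dropped from simple binds:
#   ldapwhoami -x -W
#   ldapmodify -x -W -f changes.ldif
```

The same line placed in the system-wide ldap.conf is ignored, which is the usual reason BINDDN appears to have no effect.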